US banks bear down against familiar DDoS threat

Financial institutions across the United States were placed on high alert once again this week after threats were made by a familiar foe. The Middle Eastern hacktivist collective known as the Cyber fighters of Izz ad-din Al-qassam resurfaced after approximately six weeks of radio silence to warn banks that a new wave of distributed-denial-of-service (DDoS) attacks would soon be on the way.

Although data security teams understand the importance of keeping a watchful eye over network activity at all times, this threat was of particular interest considering the group's track record. According to InformationWeek, Bank of America, JPMorgan Chase, Wells Fargo, HSBC and the New York Stock Exchange were just a few of the organizations affected by the group's original campaign in September. At the time, the relatively unheralded hackers openly declared which sites they would be targeting, as well as on which days and at what times. Nevertheless, security systems could not stand up to the sheer volume of bogus traffic funneled their way.

This month, a handful of banks including PNC and Bancorp have issued statements in response to website performance issues noted by their customers. However, none classified the disruptions as a direct result of DDoS attacks.

But while banks have not given credence to the hacktivist link as of yet, independent researchers have suggested that the group may have made good on its latest promise. According to CSO Online, Arbor Networks analysts tracked some bank networks' peak activity at greater than 63 gigabytes per second. The average rate for DDoS attacks during the previous month was a mere 1.67 gigabytes per second.

Drilling DDoS response protocol
While it remains to be seen whether this month's hacktivist proclamation was a false alarm or the worst is yet to come, the silver lining could be the series of teachable moments that emerged as a result.

According to CIO.com columnist Antone Gonsalves, the relative success enjoyed by the group in recent months should be a clear indicator that perimeter-based defenses such as firewalls and intrusion prevention systems are of limited utility in the age of advanced – and often primarily automated – DDoS attacks. While they can still serve as effective web filtering tools, organizations need systems that provide real-time intelligence that helps spot anomalous activity before it snowballs into something more serious.

Companies must also keep a closer eye on their application inventories, according to Gonsalves, as a greater variety and severity of attacks seem to be coming through this layer in recent times.